Development discussion of WireGuard
 help / color / mirror / Atom feed
* OSX and Happy Eyeballs
@ 2020-11-17 12:00 Marco Davids (SIDN)
  2020-11-18  7:32 ` Roman Mamedov
  0 siblings, 1 reply; 3+ messages in thread
From: Marco Davids (SIDN) @ 2020-11-17 12:00 UTC (permalink / raw)
  To: wireguard


[-- Attachment #1.1.1: Type: text/plain, Size: 775 bytes --]

Hello,

We have a Wireguard VPN and everything is working fine.

There is just one little thing: IPv6 Happy Eyeballs.

Without the VPN enabled, happy eyeballs works fine. The AAAA (IPv6) is 
preferred over A (IPv4). But as soon as we enable the tunnel, it's the 
other way around.

IPv6-only sites are perfectly reachable, but dual-stack sites are always 
reached over IPv4.

It is not a showstopper, but I am just trying to understand why this is.

Anyone with the same experience and more knowledge about the inner 
workings of Wireguard and Apple's happy eyeballs implementation that 
would care to comment?

Thanks!

-- 
Marco Davids

small, self explanatory test here:

https://badipv4.sidnlabs.nl/ip.php
https://badipv6.sidnlabs.nl/ip.php


[-- Attachment #1.1.2: OpenPGP_0xBB2857E82C0F54F3_and_old_rev.asc --]
[-- Type: application/pgp-keys, Size: 105171 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: OSX and Happy Eyeballs
  2020-11-17 12:00 OSX and Happy Eyeballs Marco Davids (SIDN)
@ 2020-11-18  7:32 ` Roman Mamedov
  2020-11-18  9:29   ` Marco Davids (SIDN)
  0 siblings, 1 reply; 3+ messages in thread
From: Roman Mamedov @ 2020-11-18  7:32 UTC (permalink / raw)
  To: Marco Davids (SIDN); +Cc: wireguard

On Tue, 17 Nov 2020 13:00:01 +0100
"Marco Davids (SIDN)" <marco.davids@sidn.nl> wrote:

> Hello,
> 
> We have a Wireguard VPN and everything is working fine.
> 
> There is just one little thing: IPv6 Happy Eyeballs.
> 
> Without the VPN enabled, happy eyeballs works fine. The AAAA (IPv6) is 
> preferred over A (IPv4). But as soon as we enable the tunnel, it's the 
> other way around.
> 
> IPv6-only sites are perfectly reachable, but dual-stack sites are always 
> reached over IPv4.
> 
> It is not a showstopper, but I am just trying to understand why this is.
> 
> Anyone with the same experience and more knowledge about the inner 
> workings of Wireguard and Apple's happy eyeballs implementation that 
> would care to comment?

Do you use ULA IPs (fc00::/7) for the tunnel endpoints? Those are always
depreferred compared to IPv4. See RFC 6724:

https://tools.ietf.org/html/rfc6724#section-2.1

-- 
With respect,
Roman

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: OSX and Happy Eyeballs
  2020-11-18  7:32 ` Roman Mamedov
@ 2020-11-18  9:29   ` Marco Davids (SIDN)
  0 siblings, 0 replies; 3+ messages in thread
From: Marco Davids (SIDN) @ 2020-11-18  9:29 UTC (permalink / raw)
  To: wireguard; +Cc: Roman Mamedov

Hi Roman,

Op 18-11-2020 om 08:32 schreef Roman Mamedov:

> Do you use ULA IPs (fc00::/7) for the tunnel endpoints? Those are always
> depreferred compared to IPv4. See RFC 6724:

Actually we do this:

10.42.42.0/24
fddd:42:42:42/64

Let us test with some other prefix. Thanks for the hint.

I'll get back with results, once we have them.

-- 
Marco


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-11-18  9:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-17 12:00 OSX and Happy Eyeballs Marco Davids (SIDN)
2020-11-18  7:32 ` Roman Mamedov
2020-11-18  9:29   ` Marco Davids (SIDN)

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/wireguard

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 wireguard wireguard/ http://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git